BreachExchange mailing list archives

U.K. scientists build weapon to combat phishing, password theft


From: Lee J <lee () riskbasedsecurity com>
Date: Sat, 24 Aug 2013 09:37:37 +1000

http://www.upi.com/Science_News/2013/08/23/UK-scientists-build-weapon-to-combat-phishing-password-theft/UPI-99461377293275

LONDON, Aug. 23 (UPI) -- Researchers at a British university say they've
developed technology to help protect people from "phishing" cyberattacks
and online password theft.

In phishing attacks, criminals lure people to fake websites that look like
real ones and encourage them to enter their log-in details, including
passwords and sometimes personal and financial information.

Computer scientists from Royal Holloway University in London say they've
devised a system named Uni-IDM that will enable people to create electronic
identity cards for each website they access.

The virtual identity cards are then securely stored, allowing owners to
simply click on the card when they want to log back in, safe in the
knowledge that the data will only be sent to the authentic website, a
university release reported Friday.

"We have known for a long time that the user name and password system is
problematic and very insecure, proving a headache for even the largest
websites," researcher Chris Mitchell of the university's Information
Security Group said. "LinkedIn was hacked, and over 6 million stolen user
passwords were then posted on a website used by Russian cyber criminals;
Facebook admitted in 2011 that 600,000 of its user accounts were being
compromised every single day.

"Despite this," Mitchell said, "user name and password remains the dominant
technology, and while large corporations have been able to employ more
secure methods, attempts to provide homes with similar protection have been
unsuccessful, except in a few cases such as online banking."

The researchers said Uni-IDM is designed as a solution for people who will
need to access the growing number of government services going online, such as
tax and benefits claims, with many of those people having little experience
using the Internet.

"The hope is that our technology will finally make it possible to provide
more sophisticated technology to protect all Internet users," Mitchell said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
